Prioritizing Cloud Service Threats for Succession to Information Security Management System

Abstract

With the growth of the cloud computing industry, there is also an increased risk that cloud service providers are stably providing services. Cloud service providers need to identify these threats and be proactive. Because cloud service is a service that requires a high availability rate of at least 99.9%. Therefore, this study presents a framework for collecting and prioritizing potential threats that could compromise the service of a cloud service provider. In addition, a case study was conducted to verify the proposed framework. This framework can be used only when the cloud service provider has a risk management procedure, and has a limitation in that the subjective characteristics of the cloud service provider may be included in the use of the framework. Nevertheless, it can be used in establishing a proactive threat management plan for cloud service delivery and researching cloud security management methodology.